SurveyMonkey
Single Sign-On (SSO)
How SSO Works
ENTERPRISE FEATURE: Single Sign On (SSO)
Single Sign-On (SSO) lets everyone on your Enterprise team log in to SurveyMonkey using your organization’s corporate login credentials.
SSO removes the need to maintain a separate SurveyMonkey username and password. Your organization can control who can access your SurveyMonkey team and create authentication policies for increased security.
SurveyMonkey’s SSO solution follows the SAML 2.0 specification and is Service Provider (SP) initiated.
- SSO glossary
Setting Up SSO
After your organization upgrades to an Enterprise plan, you'll be given the option to set up SSO for your team's account—only 1 IdP per Enterprise team. We'll then contact your team’s Primary Admin to start the setup process and connect with your IT department. We recommend waiting to invite people to your Enterprise team until SurveyMonkey confirms that SSO is set up properly.
TIP! If you already have an Enterprise plan, reach out to your CSM to get set up with SSO.
Here's a high-level breakdown of what to expect when setting up SSO:
Input and map metadata
Your unique SurveyMonkey metadata (Entity ID and ACS URL) is provided to you by your Technical Solutions Manager.
- Mapping guide
Send us your metadata
Send SurveyMonkey your organization's metadata URL. If you’re unable to send the metadata URL, provide the XML file. We'll set up SSO in our system and send you steps to validate that it's working correctly.
We need the following from you:
- Entity ID
- HTTP Redirect Endpoint
- X.509 Certificate (specifically the Signing KeyType)
SurveyMonkey will set up SSO in our system and send you steps to validate that it's working correctly.
Invite employees to access SurveyMonkey
If you want to restrict some employees from accessing your team, you can use a security group to permit or deny claims on the IdP side.
Primary Admins and Admins can always see how many Empty seats are available on their team from the Team Summary. When you’re ready, click Add Users from the top navigation bar and then Copy link to share with people you want to invite.
Users will be able to create or convert an account to log in with SSO.
Check if a user has SSO enabled
After your organization sets up SSO, Admins can see whether or not a user has SSO enabled on their Survey Monkey account.
- Go to My Team and select Manage Users.
- Search for the person by entering their email.
- The SSO column will show a key icon next to the user’s email if SSO is enabled.
If they don’t have SSO enabled, it could be for a few different reasons. Connect with your Customer Success Manager to learn more.
Logging In and Managing Login Credentials
Create or convert an account
The first time you log in to an SSO enabled SurveyMonkey account, choose to Create a new account or Convert an account.
- Create a new account: Start fresh with no surveys.
- Convert an account: Make sure to review what to expect. You'll need to log in with your current SurveyMonkey username and password to authorize that you want to convert and move your surveys to your team.
TIP! You can find your username in the Login Details section of My Account.
After that initial login, you're all set up to log in to SurveyMonkey or the SurveyMonkey app with SSO.
Logging in to SurveyMonkey
To log in using SSO:
- From SurveyMonkey, click Log in with SSO.
- Enter your work email and click Continue.
- Enter your corporate login credentials.
If you don't first authorize converting your existing account, you'll see an error message when you try to sign in.
Logging in to the mobile app
- Logging in with the iPhone app
- Logging in with the Android app
Managing login credentials
After SSO is set up, everyone who has an SSO account will have their login credentials are managed by your organization's network.
Please contact your IT department or network admin to:
- Reset your password
- Change your username
- Change your email address
Troubleshooting Login Errors
Below are common errors with potential solutions to help resolve them.
- We’re unable to authenticate your info at this time.
- The account you’re trying to log in to may be pending deletion.
- The account you’re trying to log in to was reassigned by your Admin.
- We’re not able to find your account ID in our system.
- We’re not able to identify your group information.
- We’re not able to identify your group information due to an incorrect certificate.
TIP! If you need to contact us for support, please copy the error page’s URL and include it in your email.
Enabling Respondent Authentication
SSO-enabled accounts can use Respondent Authentication to send more secure internal surveys and track the people taking your survey with SSO metadata. Respondents don't need a SurveyMonkey account to take the survey.
TIP! Primary Admins can set a default Respondent Authentication setting for their entire Enterprise team.
Require survey takers to log in with SSO
Respondent Authentication on the Web Link collector only requires survey takers to log in through SSO to access your survey, without needing a SurveyMonkey account.
Responses are tracked with their SSO metadata—first name, last name, and email address. It isn't possible to make responses anonymous when Respondent Authentication is turned on.
Respondent Authentication is for surveys taken on personal devices—don't enable Respondent Authentication on a public or shared device.
To turn on Respondent Authentication:
- Log in to SurveyMonkey using your organization’s corporate login credentials (SSO).
- Go to the Collect Response section of your survey.
- Add a Web Link collector. Or, click the name of an existing Web Link.
- Click Respondent Authentication.
- Select On, your respondents need to authenticate to take your survey.